LinkBack URL
About LinkBacks
Reply With QuoteFrom what we have been able to determine...
We think that when the Domain Security Settings are sent to the workstation they land in the %WinDir%\Security\Templates\Policies directory. The workstation will then attempt to apply the settings to the security database SecEdit.SDB. If there is a problem or the system is unable to post the settings to the database I think they will be stored in files in the %WinDir%\Security directory, ...EDB.chk, EDB.Log, Res1.Log, Res2.Log are examples we have seen.
After a reboot, or sometimes more then one, the system will write the settings to the database and delete these files. We have observed this behaviour in freshly imaged workstations that, after imaging are left with the Local Admin account logged in. The files mentioned above are in the Security directory and after rebooting are gone.
This implies that on broken workstations the end target of the Security GPOs is the SecEdit.SDB database. These files, if they exist on the workstation, are/might be settings that are 'stuck in the pipe'. Some of these files are, at times, locked by the system. This indicates a need for a reboot and a forced deletion before the system locks them again or attempts to apply them to the fixed SecEdit.SDB database.
Comments ? Is this true ?
As far as why the SecEdit.SDB gets corrupted... we have noticed this behaviour when the DST ( Daylight Savings Time ) of the image is different from the current DST... or if the time isn't set correctly when imaging a new system. Currently our solution was to remove the TimeZone=035 from SysPrep.INF so that when re-applying the image you are asked and can change the time and region to the correct...
1202 with 0x4b8 Errors will be posted to the Event Log...
